# Troubleshoot authentication (https://developer.godaddy.com/en/docs/api-users/troubleshoot-authentication)



## Overview

This page covers the most common authentication and authorization errors you'll encounter when calling GoDaddy APIs. Each section describes the symptom, cause, and resolution.

## 401 Unauthorized

**Symptom:** API returns `401` with `code: "UNAUTHORIZED"`.

**Cause:** The `Authorization` header is missing, malformed, or the token has expired or been revoked.

**Resolution:**

* Verify the header format is `Authorization: Bearer <token>` (no extra whitespace or quotes around the token value).
* Check the token hasn't expired — PATs have a configurable expiration. Generate a new one if needed.
* Confirm the token hasn't been revoked on the [Personal Access Token](https://developer.godaddy.com/personal-access-token) page.
* If using `sso-key`, verify the format is `sso-key <key>:<secret>` with no extra spaces.

## 403 Forbidden — missing scope

**Symptom:** API returns `403` with a code indicating insufficient permissions, despite a valid token.

**Cause:** The token is valid but doesn't include the scope required for the operation.

**Resolution:**

* Check the `code` field in the error response — it distinguishes between scope and eligibility issues.
* Generate a new token with the required scopes. Go to [Authentication — PAT scopes](https://developer.godaddy.com/docs/api-users/auth#pat-scopes) for the full list.
* The `domains.domain:read` scope is required even for write operations that need to verify state.

## 403 Forbidden — account eligibility

**Symptom:** API returns `403` with a code like `ACCOUNT_NOT_ELIGIBLE` despite having the correct scope.

**Cause:** The account doesn't meet the eligibility requirements for the operation — typically a missing payment profile or domain ownership requirement.

**Resolution:**

* For billing-related eligibility: add a payment method. Go to [Set up a payment profile](https://developer.godaddy.com/docs/api-users/payment-profile).
* For domain management eligibility: the account must hold at least one domain or be on a plan that grants management access.
* Check the `code` field — don't rely on HTTP status alone to distinguish scope from eligibility issues.

## 422 with `NO_PAYMENT_PROFILE`

**Symptom:** API returns `422` with `code: "NO_PAYMENT_PROFILE"` on quote or purchase calls.

**Cause:** The operation requires a funded billing method (registration, renewal, transfer) but the account has no payment method on file.

**Resolution:** Add a payment method. Go to [Set up a payment profile](https://developer.godaddy.com/docs/api-users/payment-profile).

## Token stops working after working previously

**Symptom:** A token that was working returns `401` without any code changes.

**Cause:** The token expired (PATs have a configurable expiration) or was revoked.

**Resolution:**

* Check the token's expiration date on the [Personal Access Token](https://developer.godaddy.com/personal-access-token) page.
* If expired or revoked, generate a new token.
* Update your secrets manager or environment variable with the new value.
